In light of the highly anticipated new General Data Protection Regulation, which will come into force on 25 May 2018, this month Finance Monthly reached out to Alan Calder, the founder and Chief Executive of IT Governance, the single-source provider of products and services in the IT governance, risk management and compliance sector. Alan is an acknowledged international cybersecurity guru and a leading author on information security and IT governance issues, and over the next couple of pages he discusses all things data protection and GDPR.
What are the common issues that businesses face with regard to data protection? How can these be avoided? What should be the main data protection considerations for businesses?
In 2016, a large number of high-profile organisations suffered a data breach or were targeted by cyber-attacks. In executing cyber-attacks, criminals rely on exploiting weakness: well-known methods such as phishing scams and spear phishing exploit human gullibility; weak and unchanged default passwords and unpatched, vulnerable and outdated software all allow attackers and malicious code into your systems.
Every organisation should tighten up in the three main areas that attackers target: their people, their processes and their technology. Clients can protect themselves with anti-malware, or by switching on a firewall, but that’s only one part of cyber security.
Criminals also take advantage of internal staff and employees unaware of the current cyber threats to get access to the organisation’s most valuable assets.